Cody Brocious -- a Mozilla dev and security researcher -- presented a paper on a vulnerability in hotel-door locks last month at Black Hat. Many electronic hotel door-locks made by Onity have a small DC power-port that also supplies data beneath them. Brocious showed that if he plugs an Arduino into these locks, reads out the 24-bit number sitting there, and re-transmits it to them, some appreciable fraction of them (but not all of them) spring open.
Testing a standard Onity lock he ordered online, he’s able to easily bypass the card reader and trigger the opening mechanism every time. But on three Onity locks installed on real hotel doors he and I tested at well-known independent and franchise hotels in New York, results were much more mixed: Only one of the three opened, and even that one only worked on the second try, with Brocious taking a break to tweak his software between tests.
Even with an unreliable method, however, Brocious’s work–and his ability to open one out of the three doors we tested without a key–suggests real flaws in Onity’s security architecture. And Brocious says he plans to release all his research in a paper as well as source code through his website following his talk, potentially enabling others to perfect his methods.
Brocious’s exploit works by spoofing a portable programming device that hotel staff use to control a facility’s locks and set which master keys open which doors. The portable programmer, which plugs into the DC port under the locks, can also open any door, even providing power through that port to trigger the mechanism of a door lock in which the battery has run out.
Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks
Behold, the Blue Marlin, a “semi-submersible heavy lift ship” that is capable of hoisting and transplanting other, full-sized ships (that is ships as big or bigger than a US Destroyer-class vessel) all around the oceans.
Mister Alphabet is an action-figure designed to cleverly bend and contort into every letter of the Latin alphabet; the website is long on trademark warnings and arty Instagram photos, but short on details, like, “Is this an object of commerce?” and “If so, where does one buy it?” (via Kottke)
Phone chargers usually only deliver a few volts of juice at a feeble amperage, but they’ll deliver a lot more if you give them the chance. The BBC writes that a UK man died in the bathtub after being shocked by a charger connected to an extension cord. Richard Bull, 32, died when his iPhone […]
The Lightning port has thus far resisted the cruel fate that befell the headphone jack, and despite rumors that it may be disappearing come iPhone 8, for the present and foreseeable future, Lightning cables are a hot commodity for iPhone users. As such, we must make do in this strange time in which long, glorified […]
All the filters in the world won’t save your smartphone pics from a shaky hand. To really step up your mobile photography game, you’ll need some kind of mount to hold it steady. You could buy a smartphone attachment for a conventional camera tripod, but who wants to carry that kind of gear everywhere they […]
The forced transition from analog to digital TV signals was probably met with relative indifference from people with Netflix subscriptions and the “I don’t even own a TV” snoots. But anyone living in the vast swaths of the country that don’t have guaranteed high-speed internet, broadcast TV is a perfectly valid (and 100% free) way […]